package com.nzw.filter;



import com.nzw.filter.wrapper.XssServletWrapper;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;

/**
 * Created by 许湛司 on 2017/4/30.
 * 防止xss、sql注入攻击的filter
 */

public class XssFilter implements Filter {
    FilterConfig filterConfig = null;

    private String exclude;

    private String[] excludeUrls;

    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
        /*exclude = filterConfig.getInitParameter("exclude");
        excludeUrls = exclude.split(",");
        StringBuffer sb = new StringBuffer();
        for (String url : excludeUrls) {
            if (url.endsWith("*")) {
                sb.append(url.substring(0, url.length() - 1)).append(",");
            }
        }
        if (StringUtil.isNotEmpty(sb.toString()))
            excludeStartUrls = sb.deleteCharAt(sb.length() - 1).toString().split(",");*/
    }




    public void destroy() {
        this.filterConfig = null;
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
            chain.doFilter(new XssServletWrapper((HttpServletRequest) request), response);
    }


}
